Full Report
Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs.
Analysis Summary
# Vulnerability: Cleartext Transmission of Sensitive Information in Gemalto Admin Control Center
## CVE Details
- **CVE ID:** CVE-2019-8282
- **CVSS Score:** 4.2 (Medium)
  *Note: The source text lists a score of "0.0", but the provided vector string `CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L` calculates to 4.2 (Medium).*
- **CWE:** CWE-319 (Cleartext Transmission of Sensitive Information)
## Affected Systems
- **Products:** Gemalto (Thales) Sentinel LDK (License Development Kit) / Admin Control Center
- **Versions:** All versions prior to 7.92
- **Configurations:** Systems configured to download or update language packs via the Admin Control Center interface.
## Vulnerability Description
The Gemalto Admin Control Center communicates with the remote server `www3.safenet-inc[.]com` to retrieve language packs using unencrypted HTTP. Because the communication channel lacks TLS/SSL encryption, an attacker positioned on the network path can perform a Man-in-the-Middle (MITM) attack. This allows the attacker to intercept the traffic, view the requests, and potentially inject unauthorized or malicious content in place of the legitimate language pack files.
## Exploitation
- **Status:** Unknown (No publicly documented exploits at time of report)
- **Complexity:** High (Requires the ability to intercept/redirect network traffic and time the attack during a language pack download)
- **Attack Vector:** Network
- **User Interaction:** Required (User must trigger the language pack update/download)
## Impact
- **Confidentiality:** Low (Information regarding system configuration and language preferences may be exposed)
- **Integrity:** None (The advisory notes the possibility of replacing packs, but the CVSS vector suggests limited direct integrity impact to the system itself)
- **Availability:** Low (Injected malicious packs could potentially cause the Admin Control Center to malfunction or crash)
## Remediation
### Patches
- **Update to Sentinel LDK version 7.92** or later. This version enforces secure communication for downloading components.
### Workarounds
- Restrict outbound HTTP (Port 80) access from the host machine to `www3.safenet-inc[.]com` at the firewall level.
- Manually install language packs from a trusted offline source rather than using the automated update feature in vulnerable versions.
## Detection
- **Indicators of compromise:** Presence of unencrypted HTTP traffic directed toward `http[:]//www3.safenet-inc[.]com` originating from the Admin Control Center service.
- **Detection methods and tools:** Use network monitoring tools (e.g., Wireshark, Zeek) to identify cleartext transmissions involving the Gemalto software. Check whether the installed version of `hasplms.exe` or the Sentinel LDK suite is below 7.92.
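
The Zeek-based check described above can be scripted. The following is an added example, not part of the advisory or any vendor tooling. It assumes a tab-separated Zeek `http.log`; the sample rows, addresses and URIs are constructed placeholders.

```python
from collections import defaultdict

VENDOR_HOST = "www3.safenet-inc.com"  # language-pack server named in the advisory

# Constructed sample in Zeek's tab-separated http.log layout (column subset).
# Addresses, UIDs and URIs are placeholders, not observed traffic.
SAMPLE_HTTP_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tmethod\thost\turi",
    "1559727000.1\tC1\t10.0.5.21\t49811\t192.0.2.10\t80\tGET\twww3.safenet-inc.com\t/PLACEHOLDER/a",
    "1559727003.4\tC2\t10.0.5.22\t50112\t192.0.2.10\t80\tGET\tWWW3.SafeNet-Inc.com:80\t/PLACEHOLDER/b",
    "1559727005.9\tC3\t10.0.5.21\t49830\t198.51.100.7\t80\tGET\twww3.safenet-inc.com.example.net\t/",
    "1559727008.2\tC4\t10.0.5.23\t51200\t198.51.100.9\t80\tGET\t-\t/",
    "1559727011.0\tC5\t10.0.5.21\t49844\t192.0.2.10\t80\tGET\twww3.safenet-inc.com\t/PLACEHOLDER/c",
])


def normalize_host(value):
    """Lower-case a Host header value, dropping any :port suffix and trailing dot."""
    return value.strip().lower().split(":", 1)[0].rstrip(".")


def find_cleartext_requests(log_text, vendor_host=VENDOR_HOST):
    """Return {client_ip: [(ts, method, uri, server_port), ...]} for vendor-host requests.

    In a default deployment Zeek writes http.log only for traffic it parsed as
    plaintext HTTP, so every matching row crossed the network unencrypted.
    """
    fields, hits = None, defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]  # column names follow the tag
            continue
        if not line or line.startswith("#") or fields is None:
            continue  # other header/footer lines, or data before the header
        row = dict(zip(fields, line.split("\t")))
        # Exact match after normalisation: lookalike suffixes and unset ("-") hosts are ignored.
        if normalize_host(row.get("host", "-")) != vendor_host:
            continue
        hits[row["id.orig_h"]].append(
            (row["ts"], row["method"], row["uri"], row["id.resp_p"]))
    return dict(hits)


if __name__ == "__main__":
    for client, requests in sorted(find_cleartext_requests(SAMPLE_HTTP_LOG).items()):
        print(f"{client}: {len(requests)} cleartext request(s) to {VENDOR_HOST}")
        for ts, method, uri, port in requests:
            print(f"  {ts} {method} http://{VENDOR_HOST}:{port}{uri}")
```

Each client address in the result is a host to check for a Sentinel LDK version below 7.92.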
## References
- Kaspersky ICS-CERT Advisory: `https[:]//ics-cert.kaspersky[.]com/advisories/2019/06/05/klcert-19-029-gemalto-admin-control-center-uses-cleartext-communication-with-www3-safenet-inc-com/`
- NVD CVE-2019-8282: `https[:]//nvd.nist[.]gov/vuln/detail/CVE-2019-8282`